[Purdue-pm] TripleDES

Mark Senn mark at ecn.purdue.edu
Sat Mar 31 20:16:41 PDT 2012

  Bradley Andersen wrote:
  > If you do, here's an encrypted string and the key (base 64):
  > RL5ZJUYNxNMnqa9wusptOSuDRAgIJ+mJ (string)
  > L1uu9NwccM0TJWTmUj2heiO/WHMl7wKP (key)


Use this code to decode it.  Perl may have something better that handles
the three parts of the key bundle behind the scenes but I think this may
work like you want.


use strict;
use warnings;

use Crypt::DES;
use MIME::Base64::Perl;

use feature 'say';

my $string64 = 'RL5ZJUYNxNMnqa9wusptOSuDRAgIJ+mJ';
my $key64    = 'L1uu9NwccM0TJWTmUj2heiO/WHMl7wKP';

my $string = decode_base64($string64);
my $key    = decode_base64($key64);

my $key1 = substr $key,  0, 8;
my $key2 = substr $key,  8, 8;
my $key3 = substr $key, 16, 8;

my $cipher1 = new Crypt::DES $key1;
my $cipher2 = new Crypt::DES $key2;
my $cipher3 = new Crypt::DES $key3;

my $output = '';
while (length $string)
    my $t = substr $string, 0, 8;
    $output .= $cipher1->decrypt($cipher2->encrypt($cipher3->decrypt($t)));
    $string = substr $string, 8;
say $output;


>From http://csrc.nist.gov/groups/STM/cavp/documents/des/tripledesval.html
    Notice: The DES Transition Plan has ended as of May 19, 2007. The
    DES Transition Plan addresses the use of single key DES by Federal
    agencies, which are incorporated in cryptographic algorithms. Therefore
    Triple DES Keying Option 3 (Key1 = Key2 = Key3) is no longer Approved.

>From reading I've done it looks like single and double DES are no
longer recommended but triple DES is still used.

The key is 32 characters long and each character is base 64
encoded so there are 32 * 6 = 192 bits in the key.

According to http://en.wikipedia.org/wiki/Triple_DES#Keying_options
    Triple DES uses a "key bundle" which comprises three DES keys, K1,
    K2 and K3, each of 56 bits (excluding parity bits). The encryption
    algorithm is:
        ciphertext = EK3(DK2(EK1(plaintext)))
    I.e., DES encrypt with K1, DES decrypt with K2, then DES encrypt with K3.

Continuing with http://en.wikipedia.org/wiki/Triple_DES#Keying_options
    Decryption is the reverse:
        plaintext = DK1(EK2(DK3(ciphertext)))
    I.e., decrypt with K3, encrypt with K2, then decrypt with K1.

See http://www.cryptosys.net/3des.html for instructions of how to
extract K1, K2 and K3 from the 192 bits in the key bundle.

Once you've got K1, K2, and K3 you may want to try using
MIME::Base64::Perl to do the 
        plaintext = DK1(EK2(DK3(ciphertext)))


More information about the Purdue-pm mailing list